PT-2024-9124 · Cisco · Cisco ASA

Published: 2024-10-23 · Updated: 2024-11-01 · CVE-2024-20331

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:
Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description: The issue is related to the Remote Access SSL VPN feature, specifically with the session authentication functionality. It is caused by insufficient entropy in the authentication process. An unauthenticated, remote attacker could exploit this by determining the handle of an authenticating user and using it to terminate their authentication session. This could force a user to restart the authentication process, preventing legitimate users from establishing remote access VPN sessions.

Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that addresses the insufficient entropy issue in the authentication process. For Cisco Firepower Threat Defense (FTD) Software, update to a version that addresses the insufficient entropy issue in the authentication process. As a temporary workaround, consider restricting access to the Remote Access SSL VPN feature until a patch is available.

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

BDU:2024-10811
CVE-2024-20331

Affected Products

Cisco ASA
Cisco FTD